topic Cisco Firepower - Web Servers Policy in Network Security https://community.cisco.com/t5/network-security/cisco-firepower-web-servers-policy/m-p/4075418#M1069561 <P>Hi All,</P><P>&nbsp;</P><P>We're looking to make a change to the intrusion policy setup we use on a deployment, currently we have a single 'master' intrusion policy that we apply to all of our access policy rules. What we're looking to do is have a separate policy just for our web servers that'll only use the rule signatures relevant to the traffic (HTTP/S.)</P><P>&nbsp;</P><P>I made a new intrusion policy and used the base policy 'No Rules Active' and then filtered on rules which use the destination port 80/443 and set them to drop and generate events (Aside from the malware CNC.)</P><P>&nbsp;</P><P>I've got a couple of questions just regarding the way I've done this:</P><OL><LI>Will I run into issues with preprocessors, should I change their state from disabled (Only HTTP/S?)</LI><LI>Is there a better way of working?</LI></OL><P>&nbsp;</P><P>Apologies if this is vague, I've not got a lot of experience with Firepower; any help would be appreciated.</P> Tue, 28 Apr 2020 08:17:12 GMT STCG 2020-04-28T08:17:12Z Cisco Firepower - Web Servers Policy https://community.cisco.com/t5/network-security/cisco-firepower-web-servers-policy/m-p/4075418#M1069561 <P>Hi All,</P><P>&nbsp;</P><P>We're looking to make a change to the intrusion policy setup we use on a deployment, currently we have a single 'master' intrusion policy that we apply to all of our access policy rules. What we're looking to do is have a separate policy just for our web servers that'll only use the rule signatures relevant to the traffic (HTTP/S.)</P><P>&nbsp;</P><P>I made a new intrusion policy and used the base policy 'No Rules Active' and then filtered on rules which use the destination port 80/443 and set them to drop and generate events (Aside from the malware CNC.)</P><P>&nbsp;</P><P>I've got a couple of questions just regarding the way I've done this:</P><OL><LI>Will I run into issues with preprocessors, should I change their state from disabled (Only HTTP/S?)</LI><LI>Is there a better way of working?</LI></OL><P>&nbsp;</P><P>Apologies if this is vague, I've not got a lot of experience with Firepower; any help would be appreciated.</P> Tue, 28 Apr 2020 08:17:12 GMT https://community.cisco.com/t5/network-security/cisco-firepower-web-servers-policy/m-p/4075418#M1069561 STCG 2020-04-28T08:17:12Z